Smart card reader security

Thomas Harning Jr. harningt at gmail.com
Fri Oct 18 01:56:27 CEST 2013


Wow, that's a lot of firmware space for something that looks so
simple. Hopefully they open-source the firmware (though I suppose they
should shove unsightly decryption key absconding code in the firmware
that runs the firmware).
One could also be concerned about regular readers... there's alot of
space they "could" be putting storage space for decryption keys so
that if the device is "lost" or "shipped for manufacturer servicing"
they can pull them off.

In short, it's really hard to be sure that anything is safe. You have
to start somewhere.

On Thu, Oct 17, 2013 at 11:55 AM, Christian Weinz
<christian.weinz at gmail.com> wrote:
> Hello,
>
> I bought a cyberJack go [1] to use it with my openPGP smart card for
> authentification. Since the firmware of that device is upgradeable and
> is capable of saving atleast 2 GB of data, how can I be sure it is not a
> security threat by saving sensitive data?
>
> Best regards,
> Christian Weinz
>
> [1]
> http://www.scm-pc-card.de/index.php?page=product&function=show_product&lang=en&category_id=46&p=cyberJack%20go&c=SmartCard%20%20%28SCR%29&product_id=825
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



-- 
Thomas Harning Jr. (http://about.me/harningt)



More information about the Gnupg-users mailing list